Month: September 2014

Histoire des codes secrets. De l’Égypte des pharaons à l’ordinateur quantique

Histoire des codes secrets. De l’Égypte des pharaons à l’ordinateur quantique

L’Histoire des codes secrets : De l’Égypte des pharaons à l’ordinateur quantique est un livre écrit par Simon Singh (titre original en anglais : The code Book) publié pour la première fois en 1999. Le livre se décompose en 8 parties chacune passant en revue l’évolution de la cryptographie des pharaons, passant par Marie Stuart reine d’Écosse et la machine Enigma, jusqu’à l’ordinateur quantique.

Sommaire

Exercices

Le livre permet grâce à 10 exercices de mettre en application les techniques vues dans le livre. D’une difficulté croissante, les premiers se résolvent en quelques heures alors que les derniers sont d’un niveau quasi-professionnel. Le concours mis en place à la première édition du livre sorti en 1999 avait pour récompense 10 000 livres sterling. Le 7 octobre 2000, les solutions furent trouvées après plus d’un an de recherche.

Critiques

D’après Sciences & Avenir, le livre « se lit comme un polar. C’est aussi une magistrale vulgarisation des techniques de chiffrement et de déchiffrement »1.

D’après France Culture, le livre a le mérite d’attirer l’attention sur l’enjeu actuel de respect de la vie privée2.

Chapitres

  • Chapitre 1: Le chiffre de Marie, reine d’Écosse
  • Chapitre 2: le chiffre indéchiffrable
  • Chapitre 3: La mécanisation du codage
  • Chapitre 4: A l’attaque d’Enigma
  • Chapitre 5: La barrière de la langue
  • Chapitre 6: Alice et Bernard s’affichent en public
  • Chapitre 7: Pretty Good Privacy
  • Chapitre 8: Saut quantique dans le futur

Annexes

  • Annexe A: Premier paragraphe de A Void
  • Annexe B: Quelques conseils élémentaires sur l’analyse de fréquence
  • Annexe C: Le code dit de la Bible
  • Annexe D: Le chiffre Pigpen (L’enclos des cochons)
  • Annexe E: Le chiffre de Playfair
  • Annexe F: Le chiffre ADFGVX
  • Annexe G: Pourquoi il ne faut pas utiliser deux fois un chiffre à clef jetable
  • Annexe H: Solutions des mots croisés
  • Annexe I: Quelques exercices pour le lecteur intéressé
  • Annexe J: Les mathématiques du système RSA

Notes et références

Voir aussi

Article connexe

Liens externes

{{ source }}

Utilizing Island Hopping in Targeted Attacks

Every company is a potential cyber-attack target; even if they’re not the “end target.” This is what “island hopping” aims to achieve.

Island Hopping, also known as “leapfrogging” was formerly known as a military strategy in which attackers initially concentrate their strategy on entities that were not their original targets but can be leveraged in order to get to the original target.

Island hopping or “leapfrogging” is also being applied in targeted attacks, where attackers carry out the technique by not going straight to the target company. Instead, attackers go after their target’s affiliates first – preferably smaller companies who may not be as protected. These targeted companies may be from any industry of any size, including small businesses, payroll and HR services, healthcare firms, and law firms.

Attackers that use the island hopping technique may then use these companies to gain access to the affiliate in order to get to the target company. Another way it is applied is when the attacker moves laterally within the target network itself. Attackers usually scan for other systems connected to the one initially compromised and attempt to penetrate them as well.

Target data breach

One of the most notable cases of a targeted attack that used the island hopping technique was the Target data breach early 2014. The story behind the Target data breach inevitably revealed that Fazio Mechanical Services, a heating and refrigeration firm, reported that their systems were abused by cybercriminals in order to breach the retail giant. Multiple sources close to the investigation reveal that credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.

Recommendations and countermeasures

It is recommended for IT administrators to look out for these signs of a potential data breach:

  • Injected DNS records -Attackers often tamper with DNS records in order to make sure that connections to their C&Cs are not blocked.
  • Failed/irregular logins – Checking for failed login attempts, as well as successful ones made at irregular time periods can reveal attackers’ attempts to move within the network.
  • Unknown large files are often an indicator of a data breach and may need to be checked as it may contain data stolen from within the network. Attackers often store these files in their targets’ systems prior to exfiltration
  • It’s important to study the warnings issued by your security solutions even though most warnings flag non-malicious files.

{{ source }}